Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• The former chief executive officer of Valor Federal Credit Union
was charged June 15 after he allegedly embezzled over $700,000 from the bank
and used the money for personal use. – WNEP 16 Scranton See item 5 below in
the Financial Services Sector

• Federal officials charged June 15 two hedge fund managers and a
former U.S. Food and Drug Administration (FDA) official for their roles in a
$32 million insider trading scheme where the hedge fund managers received
insider tips from the FDA official on anticipated FDA approvals. – U.S. Securities
and Exchange Commission

16. June 15,
U.S. Securities and Exchange Commission – (National) Hedge fund managers
and former government official charged in $32 million insider trading scheme. The
U.S. Securities and Exchange Commission announced charges June 15 against two
hedge fund managers and a former U.S. Food and Drug Administration (FDA)
official for their roles in a $32 million insider trading scheme where the
hedge fund managers received insider tips from the FDA official on anticipated
FDA approvals for companies to produce a generic drug ahead of public
announcements. One of the hedge fund managers was charged in a separate
complaint for insider trading on the FDA’s nonpublic information and for
trading on other confidential material obtained from a former Centers for
Medicare and Medicaid Services official.

• Crews worked to contain the 12,000-acre Dog Head Fire burning in
the Manzano Mountains in New Mexico after the governor issued a state of
emergency, evacuated up to 200 residents, and closed Highway 377 June 15. – KOAT
7 Albuquerque

18. June 16,
KOAT 7 Albuquerque – (New Mexico) Dog Head Fire more than doubles in size, grows
to more than 12,000 acres. Crews worked to contain the 12,000-acre Dog Head
Fire burning in the Manzano Mountains in New Mexico after the governor issued a
state of emergency, evacuated up to 200 residents, and closed northbound lanes
of Highway 377 June 15. Source: http://www.koat.com/news/crews-respond-to-east-mountain-fire/40050956

• Security researchers from Kaspersky Lab investigated the xDedic
marketplace and found that 70,624 hacked remote desktop protocol (RDP) servers
used to host or provide access to popular consumer Web sites were for sale. – Help
Net Security See item 26 below in
the Information Technology Sector

Financial Services Sector

5. June 15,
WNEP 16 Scranton – (Pennsylvania) Former credit union CEO accused of bank fraud.
Pennsylvania officials charged the former chief executive officer of Valor
Federal Credit Union, formerly known as Tobyhanna Federal Credit Union, June 15
after he allegedly embezzled over $700,000 from the bank and used the money for
personal use. Authorities stated that the former executive also attempted to
rig the elections for the bank’s board of directors and established a
fraudulent severance deal where he would be paid over $1 million if he was
terminated.

6. June 15,
KSWB 69 San Diego – (California) Man uses fake ID to get debit card, steals $90K.
Authorities are searching June 15 for a man who used a fraudulent ID and
documents to steal $90,000 from a victim’s bank accounts at 5 Chase Bank
branches in San Diego County since March. Authorities stated that the man is
suspected of committing similar thefts in Los Angeles and Orange counties. Source:
http://fox5sandiego.com/2016/06/15/man-uses-fake-id-to-get-debit-card-steals-90k/

7. June 15,
Newark Star-Ledger – (International) 24 charged in ‘intricate’ international bank
fraud ring. Twenty-four people were charged June 14 for their roles in an
international bank fraud ring where the group stole $1 million from banks and
corporations by creating phony companies to defraud individuals and companies
into wiring over $8 million to the group’s fraudulent corporate bank accounts.
Authorities stated that the indictments were part of an ongoing investigation
that was initiated following a routine traffic stop. Source: http://www.nj.com/middlesex/index.ssf/2016/06/24_charged_in_intricate_international_bank_fraud_r.html

For another story, see item 16 above in Top Stories

Information Technology Sector

24. June 16,
Softpedia – (International) Microsoft OLE abused to embed malicious code
in Office docs, similarly to macros. Security researchers discovered a
macro malware infection method was abusing Microsoft’s Object Linking and
Embedding (OLE) system by tricking users into embedding a JavaScript or a
VBScript file that downloads an encrypted binary and bypasses network-based
protections that identify malicious data formats. Once the scripts save the
encrypted binary, a Vibrio or the Donvibs trojan is installed and the final
payload, Cerber ransomware can infect the victim’s system. Source: http://news.softpedia.com/news/microsoft-ole-abused-to-embed-malicious-code-in-office-docs-similarly-to-macros-505301.shtml

25. June 15,
SecurityWeek – (International) Flaw allowed hackers to steal emails from
Verizon users. A security researcher discovered several vulnerabilities in
Verizon’s Webmail portal that could be exploited by hackers, who possess a
Verizon email account, to substitute the value of the userID in their own
request with the victim’s userID in order to forward all the victim’s emails to
an arbitrary email address. Victims would be unaware of the email forwarding as
the transactions are not shown in the Verizon inbox. Source: http://www.securityweek.com/flaw-allowed-hackers-steal-emails-verizon-users

26. June 15,
Help Net Security – (International) 70,000 hacked servers for sale on xDedic
underground market. Security researchers from Kaspersky Lab investigated
the xDedic marketplace, a global forum where cybercriminals can buy and sell
access to compromised servers, and found that 70,624 hacked remote desktop
protocol (RDP) servers used to host or provide access to popular consumer Web
sites were for sale. The illegal data can be used to target government
entities, corporations, and universities without the institute’s knowledge. Source:
https://www.helpnetsecurity.com/2016/06/15/xdedic-underground-market/

27. June 15,
SecurityWeek – (International) Schneider patches severe flaw in video
management system. Schneider Electric released version 7.13.84 for its
Pelco Digital Sentry (DS) product after the company found the tool contained
hardcoded credentials that could be leveraged by an attacker to elevate their
privileges and gain access to sensitive information or execute arbitrary code
on the affected system. Source: http://www.securityweek.com/schneider-patches-severe-flaw-video-management-system

Communications Sector

28. June 16,
SecurityWeek – (International) No patch for critical RCE flaw in Cisco
routers. Cisco reported that it is working to patch several vulnerabilities
for its RV series routers after a security researcher found a cross-site
scripting flaw, several denial-of-service (DoS) flaws, and another critical
flaw, which was caused by insufficient sanitization of Hypertext Transfer
Protocol (HTTP) user input in the device’s Web interface, allowing a remote,
unauthenticated attack to execute arbitrary code with root privileges on the
victim’s system. Source: http://www.securityweek.com/no-patch-critical-rce-flaw-cisco-routers

Links

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"